From owner-freebsd-questions@FreeBSD.ORG  Thu Feb 19 18:02:06 2015
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 714F363C
 for <freebsd-questions@freebsd.org>; Thu, 19 Feb 2015 18:02:06 +0000 (UTC)
Received: from mail-ob0-x22e.google.com (mail-ob0-x22e.google.com
 [IPv6:2607:f8b0:4003:c01::22e])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 32166A2C
 for <freebsd-questions@freebsd.org>; Thu, 19 Feb 2015 18:02:06 +0000 (UTC)
Received: by mail-ob0-f174.google.com with SMTP id wo20so17193585obc.5
 for <freebsd-questions@freebsd.org>; Thu, 19 Feb 2015 10:02:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:date:message-id:subject:from:to:content-type;
 bh=Zj6C+IJnx3A21/oF0fmK3WKsPuC0a/SP6ccEAWFSeZ0=;
 b=qxYDI7bLp+pA+Fgl+2NaASANcjdtt2Hw6C4a7xJrbXTVmCtF7CuTBvSsi2q07UU1tQ
 8vKlpHi09L9v8EfXkL2cCbnrVhUpJdYYsy0tDuI/KbaCzBy95TQKXiT/VSmelmsUQ4eQ
 qXHd15Rm8krgiqzuTaJpDLpfG+8m/fGTVnkN8rcfzM6KKZ8Al+H2SO62ZXn4bpxPvHyw
 XVpMtmdCrvpOYVuDB1onmP4nuVvv1OVQjfrco7HWLRFRz87rZhpUKcLHI52u9lNtDO1y
 ylxU8DYcvbxQWET/+fwHOrCFCEX4Cd9Z5CDCxc+6Sj6Eb6Votr2b8OOo28pQXi/IUnmA
 ET2w==
MIME-Version: 1.0
X-Received: by 10.202.196.137 with SMTP id u131mr3559023oif.78.1424368925443; 
 Thu, 19 Feb 2015 10:02:05 -0800 (PST)
Received: by 10.202.213.83 with HTTP; Thu, 19 Feb 2015 10:02:05 -0800 (PST)
Date: Thu, 19 Feb 2015 12:02:05 -0600
Message-ID: <CAPW8bZ3gk8_GEqFkn7ukrtb54+MJNVReGADBj=V5HfOYhXRzdQ@mail.gmail.com>
Subject: FreeBSD 10.1 Kernel Panic (DoS?)
From: Dan Lists <lists.dan@gmail.com>
To: freebsd-questions <freebsd-questions@freebsd.org>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Feb 2015 18:02:06 -0000

I recently installed FreeBSD 10.1 on a server, and I am having frequent
kernel panics.  It looks like the problem is in the ipf code.  Possibly in
the handling of fragments.   This could be a DoS.

Some information from the core.txt is below.  I have not included the
entire thing as it is 25,000 lines.  I would appreciate some help debugging
this issue.  I can provide additional information if necessary.   Thanks in
advance for your help!

FreeBSD name.changed 10.1-RELEASE-p5 FreeBSD 10.1-RELEASE-p5 #0: Tue Jan 27
04

Fatal trap 9: general protection fault while in kernel mode
cpuid = 10; apic id = 34
instruction pointer     = 0x20:0xffffffff80d22bc8
stack pointer           = 0x28:0xfffffe00002ad5b0
frame pointer           = 0x28:0xfffffe00002ad690
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (irq256: bce0)
trap number             = 9
panic: general protection fault
cpuid = 10
KDB: stack backtrace:
#0 0xffffffff80963000 at kdb_backtrace+0x60
#1 0xffffffff80928125 at panic+0x155
#2 0xffffffff80d24f1f at trap_fatal+0x38f
#3 0xffffffff80d24b7c at trap+0x75c
#4 0xffffffff80d0a782 at calltrap+0x8
#5 0xffffffff81a1e4f1 at ipf_frag_known+0x51
#6 0xffffffff81a37818 at ipf_check+0x308
#7 0xffffffff809f5324 at pfil_run_hooks+0x84
#8 0xffffffff80a5526e at ip_input+0x2fe
#9 0xffffffff809f44e2 at netisr_dispatch_src+0x62
#10 0xffffffff809eb996 at ether_demux+0x126
#11 0xffffffff809ec63e at ether_nh_input+0x35e
#12 0xffffffff809f44e2 at netisr_dispatch_src+0x62
#13 0xffffffff80485967 at bce_intr+0x6e7
#14 0xffffffff808faf4b at intr_event_execute_handlers+0xab
#15 0xffffffff808fb396 at ithread_loop+0x96
#16 0xffffffff808f8b6a at fork_exit+0x9a
#17 0xffffffff80d0acbe at fork_trampoline+0xe
Uptime: 19h31m40s
Dumping 1282 out of 16347
MB:..2%..12%..22%..32%..42%..52%..62%..72%..82%..92%

Reading symbols from /boot/kernel/ipl.ko.symbols...done.
Loaded symbols for /boot/kernel/ipl.ko.symbols
Reading symbols from /boot/kernel/ums.ko.symbols...done.
Loaded symbols for /boot/kernel/ums.ko.symbols
Reading symbols from /boot/kernel/ipfw.ko.symbols...done.
Loaded symbols for /boot/kernel/ipfw.ko.symbols
#0  doadump (textdump=<value optimized out>) at pcpu.h:219
219     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) #0  doadump (textdump=<value optimized out>) at pcpu.h:219
#1  0xffffffff80927da2 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:452
#2  0xffffffff80928164 in panic (fmt=<value optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80d24f1f in trap_fatal (frame=<value optimized out>,
    eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:865
#4  0xffffffff80d24b7c in trap (frame=<value optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:203
#5  0xffffffff80d0a782 in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:232
#6  0xffffffff80d22bc8 in bcmp () at /usr/src/sys/amd64/amd64/support.S:82
#7  0xffffffff81a1e2f2 in ipf_frag_lookup ()
    at
/usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_frag.c:67
#8  0xffffffff81a1e4f1 in ipf_frag_known (fin=0xfffffe00002ad708,
    passp=0xfffffe00002ad704)
    at
/usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_frag.c:85
#9  0xffffffff81a37818 in ipf_check (ctx=0xffffffff81a57688,
    ip=<value optimized out>, hlen=<value optimized out>,
    ifp=<value optimized out>, out=0, mp=0xfffffe00002ad868)
    at
/usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/fil.c:3025
#10 0xffffffff809f5324 in pfil_run_hooks (ph=0xffffffff8164cef8,
    mp=0xfffffe00002ad8f0, ifp=0xfffff800085bb800, dir=1, inp=0x0)
    at /usr/src/sys/net/pfil.c:82
#11 0xffffffff80a5526e in ip_input (m=0xfffff8002b5dfd00)
    at /usr/src/sys/netinet/ip_input.c:488
#12 0xffffffff809f44e2 in netisr_dispatch_src (proto=<value optimized out>,
    source=<value optimized out>, m=0x1) at /usr/src/sys/net/netisr.c:972
#13 0xffffffff809eb996 in ether_demux (ifp=<value optimized out>,
    m=0xfffff8002b5dfd00) at /usr/src/sys/net/if_ethersubr.c:851
#14 0xffffffff809ec63e in ether_nh_input (m=<value optimized out>)
    at /usr/src/sys/net/if_ethersubr.c:646
#15 0xffffffff809f44e2 in netisr_dispatch_src (proto=<value optimized out>,
    source=<value optimized out>, m=0x1) at /usr/src/sys/net/netisr.c:972
#16 0xffffffff80485967 in bce_intr (xsc=0xfffffe0000e62000)
    at /usr/src/sys/dev/bce/if_bce.c:6828
#17 0xffffffff808faf4b in intr_event_execute_handlers (
    p=<value optimized out>, ie=0xfffff800085ea300)
    at /usr/src/sys/kern/kern_intr.c:1263
#18 0xffffffff808fb396 in ithread_loop (arg=0xfffff80008626940)
    at /usr/src/sys/kern/kern_intr.c:1276
#19 0xffffffff808f8b6a in fork_exit (
    callout=0xffffffff808fb300 <ithread_loop>, arg=0xfffff80008626940,
    frame=0xfffffe00002adc00) at /usr/src/sys/kern/kern_fork.c:996
#20 0xffffffff80d0acbe in fork_trampoline ()
    at /usr/src/sys/amd64/amd64/exception.S:606
#21 0x0000000000000000 in ?? ()
Current language:  auto; currently minimal